sei-ec-remote / project-4-issues

Open an issue to receive help on project 4

Django Auth Boilerplate #98

Closed DRG104 closed 2 years ago

DRG104 commented 2 years ago

What stack are you using?

(ex: MERN(mongoose + react), DR(django + react), PEN, etc.)

DR

What's the problem you're trying to solve?

Assigning token for credential usage (such as sign out, change password, etc)

Post any code you think might be relevant (one fenced block per file)

input (in postman)

{
    "credentials": {
        "email": "gog@g.com",
        "password": "g12345!"
    }
}

output

{
    "user": {
        "id": 2,
        "email": "gog@g.com",
        "token": "64e7273e463e1d318b8340b749fd2b9d0c99ddbe"
    }
}

Code in boilerplate:

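from django.contrib.auth import authenticate, login
from rest_framework import generics, status
from rest_framework.response import Response
# UserSerializer comes from the project's serializers module (import not shown in the post).

class SignIn(generics.CreateAPIView):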
    # Override the authentication/permissions classes so this endpoint
    # is not authenticated & we don't need any permissions to access it.
    authentication_classes = ()
    permission_classes = ()

    # Serializer classes are required for endpoints that create data
    serializer_class = UserSerializer

    def post(self, request):
        creds = request.data['credentials']
        # Don't print `creds` here: it holds the plaintext password and would end up in the server log.
        # We can pass our email and password along with the request to the
        # `authenticate` method. If we had used the default user, we would need
        # to send the `username` instead of `email`.
        user = authenticate(request, email=creds['email'], password=creds['password'])
        # If our user is successfully authenticated...
        if user is not None:
            # And they're active...
            if user.is_active:
                # Log them in!
                login(request, user)
                # Finally, return a response with the user's token
                return Response({
                    'user': {
                        'id': user.id,
                        'email': user.email,
                        'token': user.get_auth_token()
                    }
                })
            else:
                return Response({ 'msg': 'The account is inactive.' }, status=status.HTTP_400_BAD_REQUEST)
        else:
            return Response({ 'msg': 'The username and/or password is incorrect.' }, status=status.HTTP_422_UNPROCESSABLE_ENTITY)

If you see an error message, post it here. If you don't, what unexpected behavior are you seeing?

"detail": "Authentication credentials were not provided."

What is your best guess as to the source of the problem?

The documentation provided in the repo makes reference to changing token type to bearer which I assume is what we are used to from previous projects. I noticed the token provided in the boilerplate is longer than the bearer tokens from before.

What things have you already tried to solve the problem?

I attempted to change the class of token to follow the syntax in the documentation but I don't believe I'm accessing the token correctly. To begin with, the imports from the document don't match the imports of the boilerplate, specifically rest_framework.authtoken.models.Token. So I believe the boilerplate is handling authentication differently and I would rather try to understand how it's working, rather than change it.

Paste a link to your repository here

https://github.com/Zene09/server-dreamlancer

kestler01 commented 2 years ago

headers: {
    Authorization: `Token ${user.token}` // default is 'Bearer', but that is for the express server: using django and it expects the authorization header to be Token 'user.token'
}

DRG104 commented 2 years ago

I don't understand. While I'm troubleshooting I am trying to use Postman; if the default is bearer then shouldn't the request go through in Postman? In any case, neither the admin view nor Postman allows the request to go through.

DRG104 commented 2 years ago

Solution:

In the Authorization tab (where we traditionally set the bearer token, such as in the pets API), set authorization to NO authorization. Then, in the next tab over, click on Headers and set the Key to Authorization and the Value to Token <enter token here>.

DRG104 commented 2 years ago

Also, to view the headers for use in the front end: click on </>, then change the code snippet to Node.Js - Axios and you can see the headers here.
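Why the request failed with a Bearer header, as an added example that is not part of the thread or the boilerplate: a simplified, dependency-free sketch of the header check that Django REST Framework's TokenAuthentication performs, where a header whose scheme is not the expected keyword is treated as "no credentials" rather than "bad credentials". The `TOKENS` store, the sample token and the function names are constructed for illustration.

```python
# Simplified, standalone re-implementation of the Authorization header check
# done by Django REST Framework's TokenAuthentication (not DRF's own code).

class AuthenticationFailed(Exception):
    """Credentials were supplied but are malformed or unknown."""

# Constructed sample data: token key -> user email.
TOKENS = {"0123456789abcdef0123456789abcdef01234567": "user@example.com"}

def parse_auth_header(header, keyword="Token"):
    """Return the token key, or None if this scheme was not attempted."""
    parts = (header or "").split()
    # Wrong or missing scheme: the authenticator declines instead of failing,
    # so the view later reports that no credentials were provided.
    if not parts or parts[0].lower() != keyword.lower():
        return None
    if len(parts) == 1:
        raise AuthenticationFailed("Invalid token header. No credentials provided.")
    if len(parts) > 2:
        raise AuthenticationFailed(
            "Invalid token header. Token string should not contain spaces.")
    return parts[1]

def check_request(headers, keyword="Token"):
    """Return (user, detail) for a request to an authenticated endpoint."""
    try:
        key = parse_auth_header(headers.get("Authorization"), keyword)
    except AuthenticationFailed as exc:
        return None, str(exc)
    if key is None:
        return None, "Authentication credentials were not provided."
    user = TOKENS.get(key)
    if user is None:
        return None, "Invalid token."
    return user, "ok"

if __name__ == "__main__":
    key = next(iter(TOKENS))
    for value in (f"Bearer {key}", f"Token {key}", "Token", "Token wrong"):
        print(repr(value), "->", check_request({"Authorization": value}))
```

Passing `keyword="Bearer"` mirrors what DRF's documentation describes for switching schemes: subclassing `TokenAuthentication` and setting its `keyword` attribute.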